Critical Security Flaw in Many Ethernet Device Drivers

By Phantasm66
Jan 6, 2003
  1. If one follows the Ethernet Standard correctly, each packet transmitted on an Ethernet network should be a minimum of 46 bytes. Some higher level protocols, however, often require that smaller packets be sent. In this instance, devices are supposed to fill the remaining area with null data (i.e. randomly generated gibberish). However, there seems to be evidence that many Ethernet device drivers do not pad the packets with true null data, and in fact pad it with real data from previous packets!!! Aaaaaaaaaaaaaaaaaaaaah! BAD NEWS!

    The investigations were conducted by researchers at @stake Inc., in Cambridge, Mass., and the CERT Coordination Center has posted on its Web site a list of vendors whose products may be affected by this vulnerability. That is available here.

    Full story here.
Topic Status:
Not open for further replies.

Similar Topics

Create an account or login to comment

You need to be a member in order to leave a comment
TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...

Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.